Netgate Discussion Forum

    Multiple Static IPs Comcast - Recommended Equipment Please

    Routing and Multi WAN
      botchedup:

      Ok, just adding onto this a little.

      I'm perplexed.  From how I understand things, a 1:1 NAT is simply saying, "whatever comes to/from xxx.xxx.xxx.233, do to/from 192.168.1.6" BUT, also in many of the same posts (not just here, I'm trying to utilize many resources to soak up knowledge), it seems that, while that's all well and good, I would still NEED to set up the "allows" of what traffic (port traffic) is ALLOWed to/from xxx.xxx.xxx.233 / 192.168.1.6

      If that's the case, then, any ideas of why when I set up a 1:1 NAT for xxx.xxx.xxx.233 <-> 192.168.1.6, ports that the gameserver used were able to be accessed/"talked to" from the game client (being run off the residential, so definitely not an internal LAN IP, thus "outside") when I hadn't set up any rules?

      This leads me to believe maybe I missed a step in creating the 1:1 NAT, which is I suppose allowing all traffic right from the get go?  That's not good or desired. :p

      Yeah, here is a post from jimp:

      https://forum.pfsense.org/index.php?topic=84214.msg461907#msg461907

      Where he states, "The ports are not automatically exposed: 1:1 NAT maps all the external ports on that IP to the internal IP but you must still have firewall rules to allow the traffic to reach the local server."

      I have no idea then how I was able to login to my gameserver, when all I had was the 1:1 NAT (Firewall -> NAT -> 1:1).  :(

      A screenshot of the 1:1 NAT for xxx.xxx.xxx.233 <-> 192.168.1.6 in case it might help anyone follow along/assist:

      http://i.imgur.com/td2mnyw.jpg

        Derelict (LAYER 8, Netgate):

        If the ports are not open you cannot connect from the outside despite what NAT rules you have in place.

        Did you enable UPnP or something?

        You're using both of these in the same place. Sure they're not sharing the same LAN somehow?

        You do not need a Layer 3 switch to use VLANs. VLANs are Layer 2. You just need a managed switch. You can get a 5-port managed switch for under $40. 8-port for under $50.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          botchedup:

          @Derelict:

          If the ports are not open you cannot connect from the outside despite what NAT rules you have in place.

          Did you enable UPnP or something?

          Not to my knowledge, I'll try to find where that/those settings may be though.

          @Derelict:

          You're using both of these in the same place. Sure they're not sharing the same LAN somehow?

          I'm positive.  I used a laptop connected directly (and barely, ugh I know) to the residential cable modem, which ran the game client.  The game server is indeed on the business line via procurve switch via pfsense.

          @Derelict:

          You do not need a Layer 3 switch to use VLANs. VLANs are Layer 2. You just need a managed switch. You can get a 5-port managed switch for under $40. 8-port for under $50.

          Oh, well… that is -very- nice to read then.  I have one of those, the HP Procurve 1810G-24 I have is Layer 2.  (But for now, I'm putting off the VLAN'ing, as I don't plan to "rent" out a VM at this time, the VM we're discussing now is going to run -my- game server)

          *Ok, found Services -> UPnP & NAT-PMP

          http://i.imgur.com/cwCYmFY.jpg

          http://i.imgur.com/mDox44U.jpg

          I really have no idea what on my net is using .200, if anything?  Pinging it results in nothing, maybe something that was once on my LAN (it's outside the DHCP range that has existed on this thing for 3-4 years, so was something statically assigned at some point).  Would the UPnP the way it is configured have caused me outside access to xxx.xxx.xxx.233 <-> 192.168.1.6?

          So you confirm, even if I have 1:1 NAT set, until I open the ports (via Firewall -> Rules -> WAN and/or Firewall -> NAT -> Port Forward, if I'm understanding things correctly) it should NOT be able to be accessed from the outside.  Then, I am definitely at a loss with my limited knowledge. :/

          All I can do is help with showing my configs and I'll do so gladly.

            Derelict (LAYER 8, Netgate):

            UPnP and NAT-PMP allow things inside your network (like gaming consoles and malware) to open inbound firewall rules.

            Most who care about security consider them to be something of a bad idea. Hence they are both disabled by default.

              botchedup:

              @Derelict:

              No idea. You need to pass the ports you need to pass. This thread should probably be split into Gaming.

              I know the ports I need to pass, just not quite sure the method of doing so.

              TCP      3360       -> 192.168.1.6 -> xxx.xxx.xxx.233 (VIP)
              TCP/UDP  5998-5999  -> 192.168.1.6 -> xxx.xxx.xxx.233 (VIP)
              TCP/UDP  7778       -> 192.168.1.6 -> xxx.xxx.xxx.233 (VIP)
              UDP      7000-7500  -> 192.168.1.6 -> xxx.xxx.xxx.233 (VIP)

              I mean, port forwarding I'm comfortable with.  But doing just that, still results in the game server (VM) resulting in showing xxx.xxx.xxx.237 when a "what is my ip" via browser (pfSense's WAN) vice xxx.xxx.xxx.233 (VM's VIP)

                Derelict (LAYER 8, Netgate):

                To choose a specific VIP for outbound connections you need outbound NAT, not port forwards.

                Unless you have a 1:1 in place that matches.

                  botchedup:

                  I have a 1:1 in place:

                  http://i.imgur.com/Yc8szPa.jpg

                  I have these port forwards (whether or not it's done correctly, I don't know, never did port forwarding on VIPs before):

                  http://i.imgur.com/KQKBvwt.jpg

                  So, now all that is left (if I am following correctly and assume the port forwards above are correct as well), is to make Outbound NAT rules, which, I'm completely lost on (the format it shows for the ones that do exist makes sense, the moment I press "Add" and am presented with that screen, I'm lost).  I filled in what I think is right, thus far, but not sure of what else should go where on this screen:

                  http://i.imgur.com/BZNwfld.jpg

                    Derelict (LAYER 8, Netgate):

                    What is the real, assigned IP address on the "game server (VM)"? Not the address that's port forwarded, not the address you want it to appear as on the internet, the real IP address on your network for that server.

                    What, exactly, do you want to happen for inbound connections to that VM?

                    What, exactly, do you want to happen for outbound connections from that VM?

                    Be specific. Ports, destinations, everything.

                    This all really does work. It does exactly what you tell it to do.

                      botchedup:

                      @Derelict:

                      What is the real, assigned IP address on the "game server (VM)"? Not the address that's port forwarded, not the address you want it to appear as on the internet, the real IP address on your network for that server.

                      192.168.1.6 (LAN) that's the real address of the VM

                      @Derelict:

                      What, exactly, do you want to happen for inbound connections to that VM?

                      I want inbound to be able to connect via the game server's (software) ports it's listening to and using to receive/send data for that game.  Specifically ports:

                      TCP 3306
                      TCP/UDP  5998-5999
                      TCP/UDP 7778
                      UDP 7000-7500

                      @Derelict:

                      What, exactly, do you want to happen for outbound connections from that VM?

                      I want them to go to the player connecting from the Internet, using the same ports they came in on.

                      But I want their game client to "go" to xxx.xxx.xxx.233 and I want the server to respond back to them as xxx.xxx.xxx.233

                      @Derelict:

                      This all really does work. It does exactly what you tell it to do.

                      Of that I have no doubt.  I'm just not fluent in its language unfortunately. :/  If I didn't address a parameter you were seeking, please let me know.  I AM trying though, I promise you.

                        Derelict (LAYER 8, Netgate):

                        You do not have to do anything to get replies to go back out the IP address the connection came in on.

                        That is completely disconnected from the IP address you get when INITIATING A CONNECTION from the same host.

                          botchedup:

                          @Derelict:

                          You do not have to do anything to get replies to go back out the IP address the connection came in on.

                          That is completely disconnected from the IP address you get when INITIATING A CONNECTION from the same host.

                          Ok.

                          Well, at this point.  I have a 1:1 NAT setup.

                          http://i.imgur.com/Yc8szPa.jpg

                          So simply setting up Port Forwarding should allow the game server to, serve the game.

                          That didn't do the trick.

                          So I figured there was MORE I had to do.

                          See, this is what I did (Port Forwarding):

                          http://i.imgur.com/tGXKmr6.jpg

                          The client still cannot connect successfully.  Now, when I had just the 1:1 NAT and UPnP enabled, things worked, but, as you noted, UPnP is bad.  So it's disabled.

                          I may be way off, but I sense a frustration.  I'm sorry, I'm clueless.  But, I'll admit that over and again.

                            botchedup:

                            Zinga.

                            It's working.

                            At some point, likely while trying to figure out how to make the ISP provided gateway a "dumb modem" or "pass-through" (according to what I've read), since it is unable to go into "true bridged mode" without losing its configuration for static IPs, I managed to deviate from the original video in my OP.

                            After the 1:1 NAT, I should have (and have now done) added the Firewall -> Rules, manually.  I did that in accordance with the video and, it works.  No Firewall -> NAT -> Port Forward, no Firewall -> NAT -> Outbound NAT, just Firewall -> Rules -> WAN.

                            Ugh.  I'm sure there are some following giving the ole "SMH" and perhaps I will later down the line as well as I continue to learn, not just -what- to do, but why.  However, for now, I'm just happy things are working.  I feel comfortable I'll keep the business line and can now call tomorrow to cancel the residential.

                            Derelict, I do greatly appreciate your assistance.  I hope I didn't frustrate you/matters too much.  I'll learn to walk one day, much less, get out of diapers.  And I promise to pay it forward once I know my knowledge is sound and am within my limits to assist properly.
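Added example, not from the thread and not pfSense's own generated ruleset: the pf rules equivalent to the setup botchedup ended up with (1:1 NAT plus Firewall -> Rules -> WAN, no port forwards and no outbound NAT), written out by hand so the order of operations is visible. Assumptions: the WAN interface is em0, the VIP is the documentation address 203.0.113.233 standing in for xxx.xxx.xxx.233, and the VM is 192.168.1.6; the ports are the ones listed in the thread.

```pf
# Macros (assumed names/addresses, see lead-in).
wan_if  = "em0"
vip     = "203.0.113.233"
gamesrv = "192.168.1.6"

# Firewall -> NAT -> 1:1. binat is bidirectional: inbound packets addressed to
# the VIP are rewritten to the VM, and connections the VM initiates leave with
# the VIP as their source. That second half is why a matching 1:1 entry makes
# a separate outbound NAT rule unnecessary for this host.
binat on $wan_if from $gamesrv to any -> $vip

# Default deny on WAN. With only the binat line present, translated packets
# still hit this block and are dropped: 1:1 NAT alone exposes nothing.
block in log on $wan_if all

# Firewall -> Rules -> WAN. Translation happens before filtering, so the
# destination in these rules is the VM's real address, not the VIP.
pass in quick on $wan_if proto tcp          from any to $gamesrv port 3306      keep state
pass in quick on $wan_if proto { tcp, udp } from any to $gamesrv port 5998:5999 keep state
pass in quick on $wan_if proto { tcp, udp } from any to $gamesrv port 7778      keep state
pass in quick on $wan_if proto udp          from any to $gamesrv port 7000:7500 keep state

# Replies to these connections go back out with the VIP as source because the
# state entry remembers the translation; nothing extra is needed for that.
# Rules that UPnP/NAT-PMP adds on behalf of inside hosts live in their own
# anchor, which is how the server was reachable earlier with no WAN rules of
# the admin's own.
```

Listing the active ruleset (pfctl -sr and pfctl -sn on the firewall) is the quickest way to confirm that the pass rules actually exist and that the binat entry is loaded, rather than inferring it from a client that can or cannot connect.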

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.